On Thu, 19 Oct 2017 09:09:32 -0500, Pat Riehecky <[email protected]> wrote:
>If memory serves, SL7 has "Less Brittle Kerberos"[1] where as SL6 does >not. This could account for why one works and the other does not. > >Pat > >[1] https://fedoraproject.org/wiki/Features/LessBrittleKerberos That looks promising as an explanation. The problem has been "solved", or at least it has gone away, although I don't really understand why. Without any clear hypothesis as to why it might help, I decided to run "kdestroy -A" on the affected machine to clear expired tickets out of my local cache. That did it. No more clock skew messages. So it looks as if it was a kerberos issue, rather than an ntp one, and the error message wasn't really explaining what was wrong. Thanks to everyone for their advice. Stephen Isard > >On 10/18/2017 07:10 PM, Stephen Isard wrote: >> On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold <[email protected]> wrote: >> >>> On Wed, 18 Oct 2017, Howard, Chris wrote: >>> >>>> Is it possible the two boxes are talking to two different servers? >>> as the initial post mentioned and showed it was using remote >>> host lists to a pool alias, almost certainly -- >> Oh, I took the question to be about the kerberos server. Yes, you are right, >> ntpd -q returns different results on the two machines. However, as I said >> in the original post, the time on the two machines is the same to within a >> very small amount., well within the five minute tolerance used by kerberos. >> So I don't understand why it should matter that the two machines have >> arrived at the same time by syncing with different servers. >> >>> as a way around, set up ONE unit to act as the local master, >>> and then sync against it, to get 'site coherent' time >> Could you tell me how to do this, or point me at a document that does? >> >> Thanks. >> >>> [a person with more than one clock is never quite _sure_ what >>> time is correct ;) ] >>> >>> >>> for extra geek points, spend $25 on AMZN, and get a GPS USB >>> dongle; run a local top strata server (the first three >>> lintes of the following) >>> >>> [root@router etc]# ntpq -p >>> remote refid st t when poll reach delay >>> offset jitter >>> ============================================================================= >>> GPS_NMEA(0) .GPS. 0 l - 16 0 0.000 >>> 0.000 0.000 >>> SHM(0) .GPS. 0 l - 16 0 0.000 >>> 0.000 0.000 >>> SHM(1) .PPS. 0 l - 16 0 0.000 >>> 0.000 0.000 >>> +ntp1.versadns.c .PPS. 1 u 665 1024 377 51.817 >>> -12.510 19.938 >>> *tock.usshc.com .GPS. 1 u 294 1024 377 34.608 >>> -8.108 10.644 >>> +clmbs-ntp1.eng. 130.207.244.240 2 u 429 1024 377 31.520 >>> -5.674 7.484 >>> +ntp2.sbcglobal. 151.164.108.15 2 u 272 1024 377 23.117 >>> -6.825 10.479 >>> +ntp3.tamu.edu 165.91.23.54 2 u 1063 1024 377 63.723 >>> -3.319 16.813 >>> [root@router etc]# >>> >>> >>> configuring ntp.conf is not all that hard >>> >>> -- Russ herrold > >-- >Pat Riehecky > >Fermi National Accelerator Laboratory >www.fnal.gov >www.scientificlinux.org
